South African Banking Risk Information Center (SABRIC), on behalf of the banking industry, warns bank customers about protecting their mobile devices, following significant increase in criminal theft activity phone.
Cell phone theft is not a new phenomenon, however, SABRIC is seeing an emerging trend where cell phones stolen from their owners provide criminals with the ability to access personal and even confidential information of the victim which can then be accessed. used to commit a crime.
“During 2020, there has been a significant increase in banking app fraud as a result of cell phone theft,” he said in an annual report on crimes committed last year. “It is important to note that there have been no reports where the banking application software has been compromised to commit the fraud,” SABRIC said.
He stated that while there are various methods and techniques used in the cell phone removal modus operandi, the correct credentials are used to access the application. “These credentials may have previously been compromised by social engineering methods, such as shoulder surfing or phishing, however, in many cases the credentials have been compromised by vulnerabilities in the management of this information. “
For example, the credentials were saved elsewhere on the device, or the same username and password were used in multiple apps. SABRIC noted an increase in the number of incidents involving SIM card exchanges in 2020 with 26.11% (2,684) compared to 8% (855) in 2019.
There are several ways criminals can access information stored on your cell phone in the event of theft, in an attempt to defraud you, the association said. “One way is to literally go to every open app on your unlocked phone and view your sensitive data. Another is to use social engineering to get your usernames and passwords stored in the cloud. “
The tactics used can be vishing, where criminals call you and manipulate you into believing they are from the bank to coerce you into revealing confidential information like PINs or passwords or phishing where you receive an email, which you believe to be from the bank or a legitimate service provider, that asks you to click on a link that asks for your PINs or passwords.
Once your password has been compromised on your stolen phone, all other credentials are available and can be exploited. In addition to social engineering, your credentials could also be compromised by shoulder surfing in public places such as restaurants.
Insurance broker and risk advisory service Aon said brazen criminals are willing to risk their lives and bodies to grab an R20,000 smartphone and run away with – phones left on tables right next to you in restaurants, in vehicles hooked up to car kits, looking out of back pockets, and even in use and against your ear – it’s a fair game for criminals who will dock anyone to get their hands on a smartphone paycheck.
Criminals seek out soft, distracted targets who ignore their surroundings and typically strike with lightning speed, snatching the phone from your hands and then disappearing into a waiting car for a quick jaunt.
With a booming illicit market for such stolen goods, Aon South Africa is warning consumers to be very careful and vigilant, and to keep phones out of sight and safely store them when not in use. Besides stealing the phone, the big concern is that criminals are also interested in the valuable personal data stored on the device.
“Criminals usually grab your phone while you’re busy there and the phone is unlocked, giving them full access to everything on your cell phone. This includes banking apps, delivery services, and any other personal information that may be used for fraudulent purposes, such as a copy of your ID, bank statements, proof of residence in addition to full access. to your e-mail and your SIM card.
“Even if you have security measures in place, such as fingerprint readers or facial recognition software, criminals can bypass those measures in seconds, gain access to your information, and then make your phone disappear on the Internet. illicit cell phone market, ”said Ann Cloete of Aon South Africa.
“There are many ways for criminals to access and use the personal data stored on your mobile device: from viewing all of your personal data, from where you live, to social engineering to get data. sensitive and trick others into believing they are dealing with you, for phishing and SIM card exchanges, to make you believe that you are dealing with a legitimate service provider and to compromise your passwords and PINs ” , Cloete said.
Aon provides the following tips to mitigate and manage your risks to the extent possible:
- Avoid falling victim to cell phone theft as much as possible – hide your device in your bag or jacket, never “walk and talk” in public as this makes you an easy and distracted target. Leave messages, WhatsApp texts, and news feeds until you are home or work and in a safe place to view and reply to them. Never leave your phone unattended or on a table where criminals can see it. Switch off your phone in the car and store your phone out of sight.
- Inform your bank – If your phone is stolen, contact your bank immediately to secure your accounts and cards and deactivate your banking application. Confirm with your bank the next steps if criminals gain access to your account.
- Freeze your contract – Contact your mobile service provider and freeze your mobile phone account and block your SIM card to stop data usage and all phone calls from your mobile phone, which may be an additional cost for which you would be responsible. Blacklist your phone with your wireless service provider.
- Protect your personal documents – If your device contains personal information such as your identity information, proof of address and any other sensitive information, contact the South African Fraud Prevention Services (SAFPS) by phone (0860 101 248), by e-mail. -mail or online. Any fraudulent activity on your account could affect your credit rating and could even put you on a blacklist, which is why it will be wise to contact the credit mediator if you are the victim of fraudulent activity to resolve disputes.
- Change passwords – make a list of all the apps, email and social media accounts you have on your phone and change the password for each one. This will help greatly in reducing any fraudulent activity using your cell phone.
- Notify family and friends – Let your family and friends know that your cell phone has been compromised and do not respond to any requests from people who identify themselves as you – this is called social engineering.
Insure yourself properly for your phone replacement, Aon said. Make sure that your mobile devices and those of your family members are specified in your All Perils coverage of your policy up to the make, model and serial number.
Some insurance policies also include coverage for mechanical and electrical failures of phones such as cracked screens, water damage, and damage to the touchscreen or camera.
Aon stated that it has a “Funds Protection” solution, which covers you in the event that an account in your name is lost as a result of an unrecoverable funds transfer with your financial institution or a bank. third. Coverage is specifically designed to cover you with funds that are transferred out of your account, whether or not your account has been authorized for loss.
The coverage offered by a personal Funds Protect policy will be triggered in the event of:
- Email interception fraud
- Transactions due to your stolen identity
- EFT / deposit scams
- Hacking / phishing / vishing attacks
- Requests for ransomware attacks, denial of service attacks, etc.
- Fraudulent invoices
- Sim Trade Fraud
- Fraud by TEF
- Online banking fraud
- Online shopping fraud
- Vacation scams
- Fake classifieds
- Rental of fake properties
“It is essential to immediately contact your bank in the event of your phone being pulled or stolen in order to stop all transactions. Make sure you have purchased enough Funds Protect coverage to mitigate the total financial loss as banks are unlikely to reimburse transactions related to the theft of a cell phone.
“For example, if you purchased R 25,000 Funds Protect coverage but all of your bank accounts are accessible, your losses could amount to well over R 25,000 and potentially be financially crippling. Funds Protect is relatively inexpensive for what it provides and will be a lifeline in the event of a loss of funds, ”said Cloete.
Read: Capitec is looking for 500 jobs – this is what they are looking for